My sister has her Fastmail account set up on her iphone and two ipads under the standard iphone mail app. I don't know if this is using mail.messagingengine.com or imap.fastmail.com as she is not here at the moment.

This is working perfectly but she has never set up an app password so why is this working?

My reason for asking is that she has just upgraded from a free account to a paid account an I was therefore going to change her SMTP server from Gmail to Fastmail so that she has no problems emailing from abroad (Gmail is awkward about this). I am therefore unsure if I need to set up an app password yet if the old settings still work. If I do need to set up an app password for her, will I just need one (as the 3 devices are all using the same app) or will I need three?

I think app passwords are ultimately going to become compulsory for everyone. If making changes now anyway, you might as well bite the bullet and get it done. You need a separate password for each device. Part of the idea is that a password for one device cannot be used on another.

I see some incorrect information posted in this thread. You should read Fastmail help to answer such questions about setting up new clients:

Quote:

Every third party program or app needs its own app password to access your information. For the FastMail app, you need to use your normal password. If you use your normal password or your FastMail two step verification password on an external account, syncing to an external service won't work and you will see a password error.

On January 31, 2017, I asked Fastmail about the migration of old clients to the current system, and this is the reply:

Quote:

So if you use imap.fastmail.com/pop.fastmail.com/smtp.fastmail.com, you have to use an app password. This is what we recommend people use, what we advertise in our docs, and what all the auto-config services *should* use.

If you still use mail.messagingengine.com when you setup your client a while back, you can still use your master password.

The long term aim is:

1. Disable new users from using mail.messagingengine.com altogether (we can't do this just yet, because there's been some problems with iOS auto-config still returning the old mail.messagingengine.com server name), but I hope we can do it soon

2. Bit by bit, direct old users still using mail.messagingengine.com to switch to (imap/pop/smtp).fastmail.com with an app password

3. Eventually (likely years down the track), remove mail.messagingengine.com

Thanks for the info, I have a clearer picture now. I did look at the Fastmail help pages but also wondered why it was working now as I had never set up an app password for her. When I originally set it up, the iOS devices just auto configured the servers but I had to change the outgoing servers as it was only a guest account. That's also why I didn't use the Fastmail app originally. She's used to the iOS mail app now. Anyway, she's now gone on holiday without me having made any changes to the SMTP server so no doubt she will wonder why she can't email when she has paid. I did explain to her but some people you just can't reach. I'll have to sort it when she gets back.

You need a separate password for each device. Part of the idea is that a password for one device cannot be used on another.

Just to be clear, you don't technically need to use a separate password for each device, although it's strongly recommended for the reasons BritTim more or less describes — if you lose one device, you can easily invalidate that specific password without having to change your password everywhere else.

Of course, as Bill points out, FastMail's own native mobile app doesn't use an app password, but uses your primary FastMail password. However, if you lose a device with the FastMail app installed, you can log that connection out from the Password & Security section of your FastMail settings on the web (just below the same place you would go to create or remove App Passwords).

App Passwords also have the benefit that you can limit them to only work with specific services, so you can have a password that works with your third-party mail app without it also providing access to your calendar, contacts, or files, or you can have a password that only works with SMTP so you can use it in situations where you have an app or service that you only want to use for sending mail through your FastMail account.

All of that said, however, there's absolutely nothing preventing you from generating a single App Password and using it across all of your devices and apps. You won't be able to go back and look up an App Password once you've created it and moved past the screen where it's displayed, but there's obviously nothing preventing you from writing it down or storing it in something like 1Password and then just re-using it. Again, this isn't recommended as it's less secure, but there's nothing preventing you from doing it.

The native IPhone app (client) that comes with the Iphone 6 does not have a way to add an app password. Maybe 3rd party apps on the IPhone let you add an app password but I see no way to do this with the native app. The Fastmail instructions say to open Settings, Password & Security but when I go into the Settings menu for the IPhone there is no Password & Security screen to choose!